Stock Market Pro
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: stock-market-pro Version: 1.2.12 The skill bundle provides tools for stock market analysis, news search, and options flow data. All scripts (`ddg_search.py`, `news.py`, `options_links.py`, `uw.py`, `yf.py`) perform their stated functions using standard libraries like `yfinance`, `ddgs`, and `playwright`. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`, `eval`), persistence mechanisms, or obfuscation. The `SKILL.md` instructions are clear and do not contain any prompt injection attempts designed to manipulate the agent into unauthorized actions. `subprocess` calls are used safely by passing arguments as lists, preventing shell injection. The use of `--no-sandbox` for Playwright is a common practice for headless browsers and not indicative of malice in this context.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the scripts may download current versions of Python packages from external package sources.
The skill relies on third-party packages fetched at runtime or by user setup, and the documented install commands do not pin exact package versions.
This skill uses `uv run --script` for dependency handling... Dependency: `pip3 install -U ddgs`
Use a virtual environment, review the dependencies, and prefer pinned/locked versions if you need reproducible or hardened installs.
If you invoke this helper, it runs browser automation locally and loads external web content.
The optional Unusual Whales helper can start a headless Chromium browser, with sandboxing disabled, to load a third-party market site.
p.chromium.launch(
headless=True,
args=["--disable-gpu", "--no-sandbox"],
)Only run the browser helper when needed, prefer the documented browser-first link workflow when possible, and avoid `--no-sandbox` in stricter environments.
Repeated runs for the same ticker may overwrite the same chart file, and unusual ticker strings could create unexpected filenames.
The chart output filename is derived from the ticker symbol and written to a predictable /tmp path; normal stock tickers are expected, but the visible snippet does not show filename sanitization.
path = f"/tmp/{symbol}_pro.png" ... savefig=pathUse ordinary ticker symbols only; maintainers should sanitize filenames or use a safe temporary-file API.